找CALL 找基址 失落方舟 拍卖行分析
外挂技术及游戏安全研究
本教程视频1920*1080分辩率下观看最佳
VS2017+win10 64位 环境
郁金香老师: 150330575 //Q+Q
欢迎大家参加 郁金香灬技术 游戏安全与外挂的研究学习。
兴趣是我们最好的老师
成长需要过程与循序渐进
兴趣+坚持+时间+优秀的课教程会帮助你快速成功
需要准备工具 CrazyDbg调试器和配套的CE和xdbg
免责申明:
本课程仅供个人学习和研究软件内含的设计思想和原理,不得用于非法用途.
参考
高级班
学习目标:
分析拍卖行数据 一口价,最高价,起拍价,ID,时间等属性
38500 41250
$ ==> 0000000000009664 起拍价? 38500
$+8 0000000000009664 最低出价? 38500
$+10 00
$+11 00 00000000D8AD4F //疑是分类ID //mov rax, qword ptr
$+19 00000000000000
$+20 000000000000A122//41250 一口价
$+28 0000000000000785
$+30 0000000000000000
$+38 0000000000000000
$-11D | E8 FA 4A AC 00 | call lostark.7FF6CFEEBED0 |
$-118 | 90 | nop |
$-117 | 48 8D 88 94 00 00 00 | lea rcx,qword ptr ds: |
$-110 | 48 8B 01 | mov rax,qword ptr ds: |
$-10D | FF 50 08 | call qword ptr ds: |
$-10A | 48 8B 05 5D 84 04 03 | mov rax,qword ptr ds: |
$-103 | 48 8D B0 20 01 00 00 | lea rsi,qword ptr ds: | +120
$-FC | 48 89 B5 A8 01 00 00 | mov qword ptr ss:,rsi |
$-F5 | 48 85 F6 | test rsi,rsi |
$-F2 | 0F 84 B4 16 00 00 | je lostark.7FF6CF428AB6 |
$-EC | 85 DB | test ebx,ebx |
$-EA | 75 11 | jne lostark.7FF6CF427417 |
$-E8 | 48 8B 87 F1 00 00 00 | mov rax,qword ptr ds: |
$-E1 | 49 39 46 11 | cmp qword ptr ds:,rax |
$-DD | 0F 85 9F 16 00 00 | jne lostark.7FF6CF428AB6 |
$-D7 | 49 8B 46 11 | mov rax,qword ptr ds: |
$-D3 | 48 89 85 88 03 00 00 | mov qword ptr ss:,rax |
$-CC | 48 89 87 F1 00 00 00 | mov qword ptr ds:,rax |
$-C5 | 48 8D 8F 20 01 00 00 | lea rcx,qword ptr ds: |
$-BE | 49 8D 56 40 | lea rdx,qword ptr ds: |
$-BA | E8 37 A9 3B FF | call lostark.7FF6CE7E1D70 |
$-B5 | 49 8B 46 08 | mov rax,qword ptr ds: |
$-B1 | 48 89 87 E8 00 00 00 | mov qword ptr ds:,rax |
$-AA | 49 8B 46 20 | mov rax,qword ptr ds: |
$-A6 | 48 89 87 00 01 00 00 | mov qword ptr ds:,rax |
$-9F | 49 8B 46 28 | mov rax,qword ptr ds: |
$-9B | 48 89 87 08 01 00 00 | mov qword ptr ds:,rax |
$-94 | 41 0F B6 86 10 07 00 00 | movzx eax,byte ptr ds: |
$-8C | 88 87 F0 07 00 00 | mov byte ptr ds:,al |
$-86 | 49 8B 86 11 07 00 00 | mov rax,qword ptr ds: |
$-7F | 48 89 87 F1 07 00 00 | mov qword ptr ds:,rax |
$-78 | 41 80 7E 19 00 | cmp byte ptr ds:,0 |
$-73 | 0F 95 C0 | setne al |
$-70 | 84 C0 | test al,al |
$-6E | 0F 95 C0 | setne al |
$-6B | 88 87 F9 00 00 00 | mov byte ptr ds:,al |
$-65 | 49 8B 46 38 | mov rax,qword ptr ds: |
$-61 | 48 89 87 18 01 00 00 | mov qword ptr ds:,rax |
$-5A | 49 8B 06 | mov rax,qword ptr ds: |
$-57 | 48 89 87 E0 00 00 00 | mov qword ptr ds:,rax |
$-50 | 49 8B 56 30 | mov rdx,qword ptr ds: |
$-4C | 48 89 95 C0 01 00 00 | mov qword ptr ss:,rdx |
$-45 | 48 8B 87 10 01 00 00 | mov rax,qword ptr ds: |
$-3E | 48 89 85 00 02 00 00 | mov qword ptr ss:,rax |
$-37 | 48 8D 8D C0 01 00 00 | lea rcx,qword ptr ss: |
$-30 | 4C 8D 85 00 02 00 00 | lea r8,qword ptr ss: |
$-29 | 48 3B C2 | cmp rax,rdx |
$-26 | 49 0F 4D C8 | cmovge rcx,r8 |
$-22 | 48 8B 01 | mov rax,qword ptr ds: |
$-1F | 48 89 87 10 01 00 00 | mov qword ptr ds:,rax |
$-18 | 41 0F B6 46 10 | movzx eax,byte ptr ds: |
$-13 | 88 87 F0 00 00 00 | mov byte ptr ds:,al |
$-D | 45 33 C0 | xor r8d,r8d |
$-A | B2 02 | mov dl,2 |
$-8 | 48 8B CE | mov rcx,rsi | +120
$-5 | E8 E2 1D AF 00 | call <lostark.返回当前金币数量> |
$ ==> | 4C 8B F8 | mov r15,rax | rsp+1350+38 //返回地址
$+3 | 4C 03 BF 10 01 00 00 | add r15,qword ptr ds: |
$+A | 48 8D 0D 49 8D C5 01 | lea rcx,qword ptr ds: |
$+11 | FF 15 BB 62 BF 01 | call qword ptr ds:[<&appStrlen>] |
$+17 | 8D 58 01 | lea ebx,dword ptr ds: |
$+1A | 48 8D 4D 80 | lea rcx,qword ptr ss: |
38500 41250
$ ==> 0000000000009664 起拍价? 38500
$+8 0000000000009664 最低出价? 38500
$+10 00
$+11 00 00000000D8AD4F //疑是分类ID //mov rax, qword ptr
$+19 00000000000000
$+20 000000000000A122//41250 一口价
$+28 0000000000000785
$+30 0000000000000000
$+38 0000000000000000
$-10A | 48 8B 05 5D 84 04 03 | mov rax,qword ptr ds: | 基址
$-103 | 48 8D B0 20 01 00 00 | lea rsi,qword ptr ds: | +120
$-FC | 48 89 B5 A8 01 00 00 | mov qword ptr ss:,rsi |
$-F5 | 48 85 F6 | test rsi,rsi |
$-F2 | 0F 84 B4 16 00 00 | je lostark.7FF6CF428AB6 |
$-EC | 85 DB | test ebx,ebx |
$-EA | 75 11 | jne lostark.7FF6CF427417 |
$-E8 | 48 8B 87 F1 00 00 00 | mov rax,qword ptr ds: |
$-E1 | 49 39 46 11 | cmp qword ptr ds:,rax | +011 //UINT64 分类ID?
$-DD | 0F 85 9F 16 00 00 | jne lostark.7FF6CF428AB6 |
$-D7 | 49 8B 46 11 | mov rax,qword ptr ds: | +011 //UINT64 分类ID?
$-D3 | 48 89 85 88 03 00 00 | mov qword ptr ss:,rax |
$-CC | 48 89 87 F1 00 00 00 | mov qword ptr ds:,rax |
$-C5 | 48 8D 8F 20 01 00 00 | lea rcx,qword ptr ds: |
$-BE | 49 8D 56 40 | lea rdx,qword ptr ds: | +040 //struct ???
$-BA | E8 37 A9 3B FF | call lostark.7FF6CE7E1D70 |
$-B5 | 49 8B 46 08 | mov rax,qword ptr ds: | +08 // 最低出价? 38500
$-B1 | 48 89 87 E8 00 00 00 | mov qword ptr ds:,rax |
$-AA | 49 8B 46 20 | mov rax,qword ptr ds: | +20 //一口价
$-A6 | 48 89 87 00 01 00 00 | mov qword ptr ds:,rax |
$-9F | 49 8B 46 28 | mov rax,qword ptr ds: | +28
$-9B | 48 89 87 08 01 00 00 | mov qword ptr ds:,rax |
$-94 | 41 0F B6 86 10 07 00 00 | movzx eax,byte ptr ds: | +710 //BYTE
$-8C | 88 87 F0 07 00 00 | mov byte ptr ds:,al |
$-86 | 49 8B 86 11 07 00 00 | mov rax,qword ptr ds: | +711 //UINT64
$-7F | 48 89 87 F1 07 00 00 | mov qword ptr ds:,rax |
$-78 | 41 80 7E 19 00 | cmp byte ptr ds:,0 | +019 //BYTE
$-73 | 0F 95 C0 | setne al |
$-70 | 84 C0 | test al,al |
$-6E | 0F 95 C0 | setne al |
$-6B | 88 87 F9 00 00 00 | mov byte ptr ds:,al |
$-65 | 49 8B 46 38 | mov rax,qword ptr ds: | +038 //UINT64
$-61 | 48 89 87 18 01 00 00 | mov qword ptr ds:,rax |
$-5A | 49 8B 06 | mov rax,qword ptr ds: | +000 //起拍价? 38500
$-57 | 48 89 87 E0 00 00 00 | mov qword ptr ds:,rax |
$-50 | 49 8B 56 30 | mov rdx,qword ptr ds: | +030 //UINT64
$-4C | 48 89 95 C0 01 00 00 | mov qword ptr ss:,rdx |
$-45 | 48 8B 87 10 01 00 00 | mov rax,qword ptr ds: |
$-3E | 48 89 85 00 02 00 00 | mov qword ptr ss:,rax |
$-37 | 48 8D 8D C0 01 00 00 | lea rcx,qword ptr ss: |
$-30 | 4C 8D 85 00 02 00 00 | lea r8,qword ptr ss: |
$-29 | 48 3B C2 | cmp rax,rdx |
$-26 | 49 0F 4D C8 | cmovge rcx,r8 |
$-22 | 48 8B 01 | mov rax,qword ptr ds: |
$-1F | 48 89 87 10 01 00 00 | mov qword ptr ds:,rax |
$-18 | 41 0F B6 46 10 | movzx eax,byte ptr ds: | +010 //BYTE
$-13 | 88 87 F0 00 00 00 | mov byte ptr ds:,al |
$-D | 45 33 C0 | xor r8d,r8d |
$-A | B2 02 | mov dl,2 |
$-8 | 48 8B CE | mov rcx,rsi | +120
$-5 | E8 E2 1D AF 00 | call <lostark.返回当前金币数量> |
$ ==> | 4C 8B F8 | mov r15,rax | rsp+1350+38 //返回地址
$+3 | 4C 03 BF 10 01 00 00 | add r15,qword ptr ds: |
$+A | 48 8D 0D 49 8D C5 01 | lea rcx,qword ptr ds: |
$+11 | FF 15 BB 62 BF 01 | call qword ptr ds:[<&appStrlen>] |
$+17 | 8D 58 01 | lea ebx,dword ptr ds: |
$-1AE | 40 55 | push rbp |
$-1AC | 56 | push rsi |
$-1AB | 57 | push rdi |
$-1AA | 41 54 | push r12 |
$-1A8 | 41 55 | push r13 |
$-1A6 | 41 56 | push r14 |
$-1A4 | 41 57 | push r15 |
$-1A2 | 48 8D AC 24 B0 ED FF FF | lea rbp,qword ptr ss: |
$-19A | B8 50 13 00 00 | mov eax,1350 |
$-195 | E8 22 39 78 01 | call <lostark.RSP堆栈上分配内存空间> |
$-190 | 48 2B E0 | sub rsp,rax |
$-18D | 48 C7 85 80 03 00 00 FE FF FF| mov qword ptr ss:,FFFFFFFFFFFFFF |
$-182 | 48 89 9C 24 A0 13 00 00 | mov qword ptr ss:,rbx |
$-17A | 48 8B 05 C5 0D 02 03 | mov rax,qword ptr ds: |
$-173 | 48 33 C4 | xor rax,rsp |
$-170 | 48 89 85 40 12 00 00 | mov qword ptr ss:,rax |
$-169 | 41 8B D8 | mov ebx,r8d |
$-166 | 4C 8B F2 | mov r14,rdx | 下节课 继续向上追数据来源
$-163 | 48 8B F9 | mov rdi,rcx |
$-160 | 4C 8B 69 0C | mov r13,qword ptr ds: |
$-15C | 4D 85 ED | test r13,r13 |
$-159 | 0F 84 1B 17 00 00 | je lostark.7FF6CF428AB6 |
$-153 | 49 8B CD | mov rcx,r13 |
$-150 | E8 6D 24 63 00 | call lostark.7FF6CFA59810 |
$-14B | 85 C0 | test eax,eax |
$-149 | 0F 84 0B 17 00 00 | je lostark.7FF6CF428AB6 |
$-143 | 48 8B 05 96 84 04 03 | mov rax,qword ptr ds: |
$-13C | 48 85 C0 | test rax,rax |
$-139 | 75 34 | jne lostark.7FF6CF4273EB |
$-137 | 8D 50 08 | lea edx,dword ptr ds: |
$-134 | B9 68 16 00 00 | mov ecx,1668 |
$-12F | FF 15 D3 63 BF 01 | call qword ptr ds:[<&appMalloc>] |
$-129 | 48 89 45 C8 | mov qword ptr ss:,rax |
$-125 | 48 85 C0 | test rax,rax |
$-122 | 74 09 | je lostark.7FF6CF4273D7 |
$-120 | 48 8B C8 | mov rcx,rax |
$-11D | E8 FA 4A AC 00 | call lostark.7FF6CFEEBED0 |
$-118 | 90 | nop |
$-117 | 48 8D 88 94 00 00 00 | lea rcx,qword ptr ds: |
$-110 | 48 8B 01 | mov rax,qword ptr ds: |
$-10D | FF 50 08 | call qword ptr ds: |
$-10A | 48 8B 05 5D 84 04 03 | mov rax,qword ptr ds: | 基址
$-103 | 48 8D B0 20 01 00 00 | lea rsi,qword ptr ds: | +120
$-FC | 48 89 B5 A8 01 00 00 | mov qword ptr ss:,rsi |
$-F5 | 48 85 F6 | test rsi,rsi |
$-F2 | 0F 84 B4 16 00 00 | je lostark.7FF6CF428AB6 |
$-EC | 85 DB | test ebx,ebx |
$-EA | 75 11 | jne lostark.7FF6CF427417 |
$-E8 | 48 8B 87 F1 00 00 00 | mov rax,qword ptr ds: |
$-E1 | 49 39 46 11 | cmp qword ptr ds:,rax | +011 //UINT64 分类ID?
$-DD | 0F 85 9F 16 00 00 | jne lostark.7FF6CF428AB6 |
$-D7 | 49 8B 46 11 | mov rax,qword ptr ds: | +011 //UINT64 分类ID?
$-D3 | 48 89 85 88 03 00 00 | mov qword ptr ss:,rax |
$-CC | 48 89 87 F1 00 00 00 | mov qword ptr ds:,rax |
$-C5 | 48 8D 8F 20 01 00 00 | lea rcx,qword ptr ds: | rdi+120:L".dll,-572"
$-BE | 49 8D 56 40 | lea rdx,qword ptr ds: | +040 //struct ???
$-BA | E8 37 A9 3B FF | call lostark.7FF6CE7E1D70 |
$-B5 | 49 8B 46 08 | mov rax,qword ptr ds: | +08 // 最低出价? 38500
$-B1 | 48 89 87 E8 00 00 00 | mov qword ptr ds:,rax | :Ordinal95+100
$-AA | 49 8B 46 20 | mov rax,qword ptr ds: | +20 //一口价
$-A6 | 48 89 87 00 01 00 00 | mov qword ptr ds:,rax |
$-9F | 49 8B 46 28 | mov rax,qword ptr ds: | +28
$-9B | 48 89 87 08 01 00 00 | mov qword ptr ds:,rax |
$-94 | 41 0F B6 86 10 07 00 00 | movzx eax,byte ptr ds: | +710 //BYTE
$-8C | 88 87 F0 07 00 00 | mov byte ptr ds:,al |
$-86 | 49 8B 86 11 07 00 00 | mov rax,qword ptr ds: | +711 //UINT64
$-7F | 48 89 87 F1 07 00 00 | mov qword ptr ds:,rax |
$-78 | 41 80 7E 19 00 | cmp byte ptr ds:,0 | +019 //BYTE
$-73 | 0F 95 C0 | setne al |
$-70 | 84 C0 | test al,al |
$-6E | 0F 95 C0 | setne al |
$-6B | 88 87 F9 00 00 00 | mov byte ptr ds:,al |
$-65 | 49 8B 46 38 | mov rax,qword ptr ds: | +038 //UINT64
$-61 | 48 89 87 18 01 00 00 | mov qword ptr ds:,rax | rdi+118:L"zres.dll,-572"
$-5A | 49 8B 06 | mov rax,qword ptr ds: | +000 //起拍价? 38500
$-57 | 48 89 87 E0 00 00 00 | mov qword ptr ds:,rax |
$-50 | 49 8B 56 30 | mov rdx,qword ptr ds: | +030 //UINT64
$-4C | 48 89 95 C0 01 00 00 | mov qword ptr ss:,rdx |
$-45 | 48 8B 87 10 01 00 00 | mov rax,qword ptr ds: |
$-3E | 48 89 85 00 02 00 00 | mov qword ptr ss:,rax |
$-37 | 48 8D 8D C0 01 00 00 | lea rcx,qword ptr ss: |
$-30 | 4C 8D 85 00 02 00 00 | lea r8,qword ptr ss: |
$-29 | 48 3B C2 | cmp rax,rdx |
$-26 | 49 0F 4D C8 | cmovge rcx,r8 |
$-22 | 48 8B 01 | mov rax,qword ptr ds: |
$-1F | 48 89 87 10 01 00 00 | mov qword ptr ds:,rax |
$-18 | 41 0F B6 46 10 | movzx eax,byte ptr ds: | +010 //BYTE
$-13 | 88 87 F0 00 00 00 | mov byte ptr ds:,al |
$-D | 45 33 C0 | xor r8d,r8d |
$-A | B2 02 | mov dl,2 |
$-8 | 48 8B CE | mov rcx,rsi | +120
$-5 | E8 E2 1D AF 00 | call <lostark.返回当前金币数量> |
$ ==> | 4C 8B F8 | mov r15,rax | rsp+1350+38 //返回地址
$+3 | 4C 03 BF 10 01 00 00 | add r15,qword ptr ds: |
$+A | 48 8D 0D 49 8D C5 01 | lea rcx,qword ptr ds: |
$+11 | FF 15 BB 62 BF 01 | call qword ptr ds:[<&appStrlen>] |
$+17 | 8D 58 01 | lea ebx,dword ptr ds: |
$+1A | 48 8D 4D 80 | lea rcx,qword ptr ss: |
$+1E | FF 15 96 62 BF 01 | call qword ptr ds:[<&FCoverReference::FCo |
$+24 | 90 | nop |
$+25 | 89 5D 88 | mov dword ptr ss:,ebx |
$+28 | 89 5D 8C | mov dword ptr ss:,ebx |
$+2B | 41 B9 02 00 00 00 | mov r9d,2 |
$+31 | 44 8B C3 | mov r8d,ebx |
$+34 | 33 D2 | xor edx,edx |
$+36 | 48 8D 4D 80 | lea rcx,qword ptr ss: |
$+3A | FF 15 8A 62 BF 01 | call qword ptr ds:[<&FHeapAllocator::ForA |
$+40 | 90 | nop |
$+41 | 48 63 45 88 | movsxd rax,dword ptr ss: |
$+45 | 85 C0 | test eax,eax |
$+47 | 74 17 | je lostark.7FF6CF42754E |
$+49 | 4C 8B C0 | mov r8,rax |
$+4C | 4D 03 C0 | add r8,r8 |
$+4F | 48 8D 15 04 8D C5 01 | lea rdx,qword ptr ds: |
$+56 | 48 8B 4D 80 | mov rcx,qword ptr ss: |
$+5A | E8 43 35 78 01 | call <lostark.memcpy> |
$+5F | 90 | nop |
$+60 | 49 8B 56 20 | mov rdx,qword ptr ds: |
$+64 | 48 8D 35 AF 6A C2 01 | lea rsi,qword ptr ds: |
$+6B | 48 85 D2 | test rdx,rdx |
$+6E | 0F 84 F9 00 00 00 | je lostark.7FF6CF42765B |
$+74 | 48 8D 4D 80 | lea rcx,qword ptr ss: |
$+78 | 4C 3B FA | cmp r15,rdx |
$+7B | 0F 8D E1 00 00 00 | jge lostark.7FF6CF427650 |
$+81 | E8 AC 46 4C 00 | call lostark.7FF6CF8EBC20 |
$+86 | 8B 5D 88 | mov ebx,dword ptr ss: |
$+89 | 48 8D 4D 48 | lea rcx,qword ptr ss: |
$+8D | FF 15 27 62 BF 01 | call qword ptr ds:[<&FCoverReference::FCo |
$+93 | 90 | nop |
$+94 | 89 5D 50 | mov dword ptr ss:,ebx |
$+97 | 89 5D 54 | mov dword ptr ss:,ebx |
$+9A | 41 B9 02 00 00 00 | mov r9d,2 |
$+A0 | 44 8B C3 | mov r8d,ebx |
$+A3 | 33 D2 | xor edx,edx |
$+A5 | 48 8D 4D 48 | lea rcx,qword ptr ss: |
$+A9 | FF 15 1B 62 BF 01 | call qword ptr ds:[<&FHeapAllocator::ForA |
$+AF | 90 | nop |
$+B0 | 48 63 45 50 | movsxd rax,dword ptr ss: |
$+B4 | 85 C0 | test eax,eax |
$+B6 | 74 14 | je lostark.7FF6CF4275BA |
$+B8 | 4C 8B C0 | mov r8,rax |
$+BB | 4D 03 C0 | add r8,r8 |
$+BE | 48 8B 55 80 | mov rdx,qword ptr ss: |
$+C2 | 48 8B 4D 48 | mov rcx,qword ptr ss: |
$+C6 | E8 D7 34 78 01 | call <lostark.memcpy> |
$+CB | 90 | nop |
$+CC | C7 44 24 20 00 00 00 00 | mov dword ptr ss:,0 |
$+D4 | 45 33 C9 | xor r9d,r9d |
$+D7 | 41 B8 FF 00 00 00 | mov r8d,FF |
$+DD | 48 8D 95 F0 01 00 00 | lea rdx,qword ptr ss: |
$+E4 | 48 8D 4D 48 | lea rcx,qword ptr ss: |
$+E8 | E8 D5 63 FD FF | call lostark.7FF6CF3FD9B0 |
$+ED | 48 8B D8 | mov rbx,rax |
$+F0 | 48 8D 45 80 | lea rax,qword ptr ss: |
$+F4 | 48 3B C3 | cmp rax,rbx |
$+F7 | 74 42 | je lostark.7FF6CF427629 |
$+F9 | 44 8B 43 08 | mov r8d,dword ptr ds: |
$+FD | 44 89 45 8C | mov dword ptr ss:,r8d |
$+101 | 44 89 45 88 | mov dword ptr ss:,r8d |
$+105 | 33 D2 | xor edx,edx |
$+107 | 44 8D 4A 02 | lea r9d,dword ptr ds: |
$+10B | 48 8D 4D 80 | lea rcx,qword ptr ss: |
$+10F | FF 15 B5 61 BF 01 | call qword ptr ds:[<&FHeapAllocator::ForA |
$+115 | 48 63 45 88 | movsxd rax,dword ptr ss: |
$+119 | 85 C0 | test eax,eax |
$+11B | 74 1E | je lostark.7FF6CF427629 |
$+11D | 83 7B 08 00 | cmp dword ptr ds:,0 |
$+121 | 74 05 | je lostark.7FF6CF427616 |
$+123 | 48 8B 13 | mov rdx,qword ptr ds: |
$+126 | EB 03 | jmp lostark.7FF6CF427619 |
$+128 | 48 8B D6 | mov rdx,rsi |
$+12B | 4C 8B C0 | mov r8,rax |
$+12E | 4D 03 C0 | add r8,r8 |
$+131 | 48 8B 4D 80 | mov rcx,qword ptr ss: |
$+135 | E8 68 34 78 01 | call <lostark.memcpy> |
$+13A | 90 | nop |
$+13B | 33 DB | xor ebx,ebx |
$+13D | 48 89 9D F8 01 00 00 | mov qword ptr ss:,rbx |
$+144 | 48 8D 8D F0 01 00 00 | lea rcx,qword ptr ss: |
$+14B | FF 15 71 61 BF 01 | call qword ptr ds:[<&FHeapAllocator::ForA |
$+151 | 90 | nop |
$+152 | 48 89 5D 50 | mov qword ptr ss:,rbx |
$+156 | 48 8D 4D 48 | lea rcx,qword ptr ss: |
$+15A | FF 15 62 61 BF 01 | call qword ptr ds:[<&FHeapAllocator::ForA |
$+160 | EB 0D | jmp lostark.7FF6CF42765D |
$+162 | 45 33 C9 | xor r9d,r9d |
$+165 | 45 33 C0 | xor r8d,r8d |
$+168 | E8 95 4D 4C 00 | call lostark.7FF6CF8EC3F0 |
$+16D | 33 DB | xor ebx,ebx |
$+16F | 8B D3 | mov edx,ebx |
$+171 | 49 83 7E 20 00 | cmp qword ptr ds:,0 |
$+176 | 0F 95 C2 | setne dl |
$+179 | 48 8B 8F A0 00 00 00 | mov rcx,qword ptr ds: |
$+180 | E8 9D C7 21 00 | call lostark.7FF6CF643E10 |
$+185 | 48 8B 8F 98 00 00 00 | mov rcx,qword ptr ds: |
$+18C | 48 8B 01 | mov rax,qword ptr ds: |
$+18F | 45 33 C0 | xor r8d,r8d |
$+192 | 48 8D 55 80 | lea rdx,qword ptr ss: |
$+196 | FF 90 B0 00 00 00 | call qword ptr ds: |
$+19C | 48 8D 4D 78 | lea rcx,qword ptr ss: |
$+1A0 | FF 15 14 61 BF 01 | call qword ptr ds:[<&FCoverReference::FCo |
$+1A6 | 48 C7 85 80 00 00 00 00 00 00| mov qword ptr ss:,0 |
$+1B1 | 45 33 C9 | xor r9d,r9d |
$+1B4 | 45 33 C0 | xor r8d,r8d |
$+1B7 | 49 8B 56 08 | mov rdx,qword ptr ds: |
$+1BB | 48 8D 4D 78 | lea rcx,qword ptr ss: |
$+1BF | E8 3E 4D 4C 00 | call lostark.7FF6CF8EC3F0 |
$+1C4 | 48 8B 4F 60 | mov rcx,qword ptr ds: |
$+1C8 | 48 8B 01 | mov rax,qword ptr ds: |
$+1CB | 45 33 C0 | xor r8d,r8d |
$+1CE | 48 8D 55 78 | lea rdx,qword ptr ss: |
$+1D2 | FF 90 B0 00 00 00 | call qword ptr ds: |
$+1D8 | 48 8D 4D 68 | lea rcx,qword ptr ss: |
$+1DC | FF 15 D8 60 BF 01 | call qword ptr ds:[<&FCoverReference::FCo |
$+1E2 | 48 C7 45 70 00 00 00 00 | mov qword ptr ss:,0 |
$+1EA | 49 83 7E 38 00 | cmp qword ptr ds:,0 |
$+1EF | 48 8B D3 | mov rdx,rbx |
$+1F2 | 74 03 | je lostark.7FF6CF4276E5 |
$+1F4 | 49 8B 16 | mov rdx,qword ptr ds: |
$+1F7 | 45 33 C9 | xor r9d,r9d |
$+1FA | 45 33 C0 | xor r8d,r8d |
$+1FD | 48 8D 4D 68 | lea rcx,qword ptr ss: |
$+201 | E8 FC 4C 4C 00 | call lostark.7FF6CF8EC3F0 |
$+206 | 48 8B 4F 68 | mov rcx,qword ptr ds: |
$+20A | 48 8B 01 | mov rax,qword ptr ds: |
$+20D | 45 33 C0 | xor r8d,r8d |
$+210 | 48 8D 55 68 | lea rdx,qword ptr ss: |
$+214 | FF 90 B0 00 00 00 | call qword ptr ds: |
$+21A | 48 8B 1D C1 1F 0A 03 | mov rbx,qword ptr ds: |
$+221 | 48 85 DB | test rbx,rbx |
$+224 | 75 34 | jne lostark.7FF6CF427748 |
$+226 | 8D 53 08 | lea edx,dword ptr ds: |
$+229 | B9 60 05 00 00 | mov ecx,560 |
$+22E | FF 15 76 60 BF 01 | call qword ptr ds:[<&appMalloc>] |
$+234 | 48 89 45 C8 | mov qword ptr ss:,rax |
$+238 | 48 85 C0 | test rax,rax |
$+23B | 74 09 | je lostark.7FF6CF427734 |
$+23D | 48 8B C8 | mov rcx,rax |
$+240 | E8 5D 5F 3B FF | call lostark.7FF6CE7DD690 |
$+245 | 90 | nop |
$+246 | 48 8D 88 8C 00 00 00 | lea rcx,qword ptr ds: |
$+24D | 48 8B 01 | mov rax,qword ptr ds: |
$+250 | FF 50 08 | call qword ptr ds: |
$+253 | 48 8B 1D 88 1F 0A 03 | mov rbx,qword ptr ds: |
$+25A | 49 8B D6 | mov rdx,r14 |
$+25D | 48 8D 8D C0 0A 00 00 | lea rcx,qword ptr ss: |
$+264 | E8 D9 55 3B FF | call lostark.7FF6CE7DCD30 |
**** Hidden Message *****
论坛网址 www.yjxsoft.com
郁金香老师:QQ-150330575
VIP群 153338418
QQ交流群 909233189569245158280115
页:
[1]